CVE-2014-6255

Name of the Vulnerable Software and Affected Versions Zenoss Core versions prior to 4.2.5 SP161

Description The issue concerns an open redirect vulnerability in the login form. This allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the came from parameter.

Recommendations For versions prior to 4.2.5 SP161, update to version 4.2.5 SP161 or later to resolve the issue. As a temporary workaround, consider restricting access to the login form or avoiding use of the came from parameter until the issue is resolved.